General
Target: 80b66aa3e7594f20e55c184c6ba584e9
Size: 641KB
Sample: 240129-yjjgbabaeq
MD5: 80b66aa3e7594f20e55c184c6ba584e9
SHA1: a5766106af754cb0584ae28ff8c52c035d1cdd50
SHA256: a0a383d7599b7c847b366b4b35114f24205e3e9f624311c7931eea0d2218618c
SHA512: 06a2bdbd0fdd3806ac2f899a287895a0479e95209a804bdae4cf79ec43b187d1445fc18c6b2f0ad97e75d2367697ff0fe6b237ef24fcb606fa19740c1e9688ed
SSDEEP: 12288:5FB1hPO7iS/d348RF38guUtROV+MyNhFQW3xClZt+IobxwU4n0u:5FB1hPRS/d3ZjuGrMyNzV3od0g9
Static task: static1
Behavioral task: behavioral1
Sample: 80b66aa3e7594f20e55c184c6ba584e9.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 80b66aa3e7594f20e55c184c6ba584e9.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
warzonerat
185.222.57.226:3554
Targets
Score: 10/10
WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Warzone RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext